Chapter 7 VPN

STEP 3 To provide enhanced security, check Enable Perfect Forward Secrecy, and then select the Diffie-Hellman Group to use from the drop-down list.

Note This feature must be supported by both VPN devices.

STEP 4 Configure the Phase 2 Local ID checking options to determine how the X family device negotiates IKE Phase 2 local-id checking. For details, see “Phase 2 Local ID configuration options” on page 206.

STEP 5 Click Create/Save to save the configuration.

Click Cancel to return to the VPN - IKE Proposals page without saving the changes.

For detailed field descriptions, see “IKE Proposal Phase 1 and Phase 2 Configuration Parameters” on page 202.
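To make the effect of the Perfect Forward Secrecy setting in Step 3 concrete, the following Python script is an added example (it is not the guide's own material and not device code). It models the RFC 2409 Phase 2 key derivation, KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b), with and without the optional fresh Diffie-Hellman exchange, and then shows what a party who later obtains the Phase 1 keying material (SKEYID_d) plus a recording of the Quick Mode exchange can and cannot recompute. The Phase 1 derivation of SKEYID_d is simplified to a single HMAC, HMAC-SHA1 stands in for the negotiated prf, and the modulus is the RFC 2409 Group 2 (1024-bit MODP) prime transcribed here; all of these are assumptions of the example.

```python
import hashlib
import hmac
import secrets

# RFC 2409 Diffie-Hellman Group 2 (1024-bit MODP) prime, generator 2
# (transcribed for this example; the demonstration works with any safe prime).
DH_GROUP2_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
DH_G = 2
ESP_PROTOCOL_ID = b"\x03"  # protocol field of the Quick Mode KEYMAT input


def dh_keypair():
    """Random private exponent and the public value g^x mod p."""
    x = secrets.randbelow(DH_GROUP2_P - 2) + 1
    return x, pow(DH_G, x, DH_GROUP2_P)


def dh_shared(priv, peer_pub):
    """Shared secret g^xy mod p as a 128-byte big-endian string."""
    return pow(peer_pub, priv, DH_GROUP2_P).to_bytes(128, "big")


def prf(key, data):
    # HMAC-SHA1 stands in for the negotiated IKE prf (assumption of the example).
    return hmac.new(key, data, hashlib.sha1).digest()


def phase2_keymat(skeyid_d, ni, nr, spi, pfs_secret=b""):
    """RFC 2409 5.5: KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b).
    pfs_secret is empty when PFS is disabled."""
    return prf(skeyid_d, pfs_secret + ESP_PROTOCOL_ID + spi + ni + nr)


def simulate(pfs):
    """Run a simplified Phase 1 followed by one Quick Mode. Returns SKEYID_d,
    everything an observer could record from the wire, and the real Phase 2 key."""
    # Phase 1: a single DH exchange gives both peers SKEYID_d (simplified derivation).
    xi, gi = dh_keypair()
    xr, gr = dh_keypair()
    skeyid_d = prf(b"phase1-skeyid-simplified", dh_shared(xi, gr))

    # Quick Mode: nonces and SPI travel in the clear inside the protected exchange.
    ni, nr, spi = secrets.token_bytes(16), secrets.token_bytes(16), secrets.token_bytes(4)
    recorded = {"ni": ni, "nr": nr, "spi": spi}

    if pfs:
        # Fresh DH exchange: only the public values g^x, g^y are ever transmitted.
        qi, gqi = dh_keypair()
        qr, gqr = dh_keypair()
        recorded["gqi"], recorded["gqr"] = gqi, gqr
        key_i = phase2_keymat(skeyid_d, ni, nr, spi, dh_shared(qi, gqr))
        key_r = phase2_keymat(skeyid_d, ni, nr, spi, dh_shared(qr, gqi))
    else:
        key_i = key_r = phase2_keymat(skeyid_d, ni, nr, spi)

    return {"skeyid_d": skeyid_d, "recorded": recorded,
            "key_i": key_i, "key_r": key_r}


def best_effort_from_phase1_material(skeyid_d, recorded):
    """What someone holding SKEYID_d and the recorded exchange can compute:
    the KEYMAT formula over the on-the-wire values only. The fresh g^xy needed
    when PFS is on never appears on the wire, so this is the best they can do."""
    return phase2_keymat(skeyid_d, recorded["ni"], recorded["nr"], recorded["spi"])


def pfs_hides_phase2_key(pfs):
    """True when Phase 1 material alone does NOT yield the Phase 2 key."""
    run = simulate(pfs)
    guess = best_effort_from_phase1_material(run["skeyid_d"], run["recorded"])
    return guess != run["key_i"]


if __name__ == "__main__":
    for pfs in (False, True):
        print(f"PFS={'on' if pfs else 'off'}: Phase 2 key recoverable from "
              f"Phase 1 material? {not pfs_hides_phase2_key(pfs)}")
```

Both peers must agree on the setting because the PFS secret enters the KEYMAT input on both sides; that is the reason for the Note that both VPN devices must support the feature, and why a mismatch fails the Phase 2 negotiation rather than silently downgrading.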

L2TP Configuration

Overview

Layer 2 Tunneling Protocol (L2TP) allows a dial-up user to make a virtual Point-to-Point Protocol (PPP) connection to an L2TP Server on the VPN. L2TP sends PPP frames through a tunnel between a user and the L2TP Server.

You can configure the X family device to act as an L2TP Server with support for L2TP over IPSec. L2TP over IPSec is a combination of protocols commonly used to authenticate a user (L2TP) and encrypt data (using IPSec). It is much more secure than the L2TP protocol alone, which carries the PPP frames unencrypted.

As an L2TP Server, the device can terminate L2TP connections from VPN clients, such as those included with Windows XP or Windows Vista.

Note To use the device as an L2TP VPN terminator, you must check Support L2TP when you are configuring the IPSec default SA. For details, see “Edit the Default SA for Client-to-Site VPN Connections using L2TP over IPSec” on page 194.
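Because L2TP alone carries PPP frames in the clear, a useful check on the network side is to confirm that every L2TP session terminating on the device actually rides inside IPSec. The script below is an added example, not part of this guide and not device code: it takes flow records of the form (source, destination, protocol, destination port), which are constructed sample data here, and reports peer pairs that show plain L2TP (UDP port 1701) on the wire with no ESP (IP protocol 50) or NAT-Traversal (UDP port 4500) flow between the same peers. With L2TP over IPSec the UDP/1701 traffic is encapsulated inside ESP, so it should not be visible between the outer addresses; the record format and the peer-pairing rule are assumptions of the example.

```python
# Constructed sample flow records: (src, dst, proto, dst_port). Port is None for ESP.
SAMPLE_FLOWS = [
    ("198.51.100.7",  "203.0.113.1", "udp", 500),    # IKE Phase 1/2 negotiation
    ("198.51.100.7",  "203.0.113.1", "esp", None),   # ESP carrying L2TP/PPP
    ("198.51.100.9",  "203.0.113.1", "udp", 1701),   # L2TP in the clear
    ("198.51.100.12", "203.0.113.1", "udp", 500),    # IKE from a NAT'd client
    ("198.51.100.12", "203.0.113.1", "udp", 4500),   # NAT-T (UDP-encapsulated ESP)
    ("198.51.100.20", "203.0.113.1", "udp", 1701),   # L2TP in the clear
    ("198.51.100.20", "203.0.113.1", "udp", 500),    # IKE seen, but no ESP/NAT-T
]

L2TP_PORT = 1701
NAT_T_PORT = 4500


def classify_flows(flows):
    """Split flows into peer pairs with IPSec protection and peer pairs with plain L2TP."""
    protected = set()   # pairs with ESP or NAT-T traffic
    plain_l2tp = set()  # pairs with UDP/1701 visible on the wire
    for src, dst, proto, port in flows:
        pair = (src, dst)
        if proto == "esp" or (proto == "udp" and port == NAT_T_PORT):
            protected.add(pair)
        elif proto == "udp" and port == L2TP_PORT:
            plain_l2tp.add(pair)
    return protected, plain_l2tp


def find_unprotected_l2tp(flows):
    """Peer pairs carrying L2TP without any ESP or NAT-T flow alongside it.
    An IKE exchange on UDP/500 by itself is not enough: the SA may have failed
    to establish, so only ESP or NAT-T counts as protection."""
    protected, plain_l2tp = classify_flows(flows)
    return sorted(plain_l2tp - protected)


if __name__ == "__main__":
    for src, dst in find_unprotected_l2tp(SAMPLE_FLOWS):
        print(f"unprotected L2TP: {src} -> {dst} (UDP/{L2TP_PORT} with no ESP or NAT-T)")
```

Peer 198.51.100.7 and the NAT'd peer 198.51.100.12 are reported as protected, while 198.51.100.9 and 198.51.100.20 are flagged; the last one shows why a UDP/500 flow alone is not treated as evidence that IPSec is in place.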

L2TP Status

You can view and manage L2TP connections and configuration from the L2TP Status page (VPN > L2TP Status).

208 X Family LSM User’s Guide V 2.5.1